#SideCopy - Twitter Hashtag

about 11 hours ago

Pakistan-linked SideCopy targets Afghanistan's Finance Ministry with Xeno RAT in Operation XENOFISCAL. Link: https://t.co/1ZIPBG1fSm #SideCopy #XenoRAT #XENOFISCAL #Afghanistan #Finance #Ministry #Phishing #Malware #Spyware #RAT #Cybersecurity #Infosec #ThreatIntel #APT36 #Pakistan #Espionage #Attack #Campaign #Targeting #Breach

dailytechonx's tweet photo. Pakistan-linked SideCopy targets Afghanistan's Finance Ministry with Xeno RAT in Operation XENOFISCAL. Link: https://t.co/1ZIPBG1fSm #SideCopy #XenoRAT #XENOFISCAL #Afghanistan #Finance #Ministry #Phishing #Malware #Spyware #RAT #Cybersecurity #Infosec #ThreatIntel #APT36 #Pakistan #Espionage #Attack #Campaign #Targeting #Breach

0

45

Gray Hats @the_yellow_fall

about 16 hours ago

A deep look at the SideCopy XenoRAT malware attack targeting the Afghan Ministry of Finance. Learn how Operation XENOFISCAL bypasses defenses. #SideCopy #XenoRAT #CyberSecurity #OperationXENOFISCAL #ThreatIntel https://t.co/AR3xOpcyWd

the_yellow_fall's tweet photo. A deep look at the SideCopy XenoRAT malware attack targeting the Afghan Ministry of Finance. Learn how Operation XENOFISCAL bypasses defenses.

#SideCopy #XenoRAT #CyberSecurity #OperationXENOFISCAL #ThreatIntel
https://t.co/AR3xOpcyWd https://t.co/LYCphoYIEB

0

8

2

1

401

Threat Intelligence @threatintel

1 day ago

#ThreatProtection Operation #XENOFISCAL attributed to Pakistan-linked #SideCopy, which uses in-memory loaders and encrypted C2 channels to deploy XenoRAT and maintain covert access within government environments, read more: https://t.co/gNI6rgfDZx

0

5

2

3

1K

The Daily Tech Feed

@dailytechonx

1 day ago

SideCopy APT targets Afghanistan's Finance Ministry with XenoRAT malware in Operation XENOFISCAL. Learn about their sophisticated attack methods and how to protect your organization. Link: https://t.co/SuDbJkSSzT #SideCopy #XenoRAT #Afghanistan #Finance #Ministry #Malware #Cyberattack #APT #Espionage #Phishing #RAT #Infosec #ThreatIntel #Breach #Defense #Security #OperationXENOFISCAL #Surveillance #Intrusion #Targeting

dailytechonx's tweet photo. SideCopy APT targets Afghanistan's Finance Ministry with XenoRAT malware in Operation XENOFISCAL. Learn about their sophisticated attack methods and how to protect your organization. Link: https://t.co/SuDbJkSSzT #SideCopy #XenoRAT #Afghanistan #Finance #Ministry #Malware #Cyberattack #APT #Espionage #Phishing #RAT #Infosec #ThreatIntel #Breach #Defense #Security #OperationXENOFISCAL #Surveillance #Intrusion #Targeting

0

22

Cyber Netsec IO

@NetSecIO

1 day ago

APT group SideCopy targets Afghanistan's Finance Ministry in 'Operation XENOFISCAL.' The campaign uses Pashto-language spear-phishing lures to deploy the XenoRAT trojan for espionage. 🇵🇰-aligned group continues focus on South Asia. #APT #SideCopy #... 🌐 cyber[.]netsecops[.]io

NetSecIO's tweet photo. APT group SideCopy targets Afghanistan's Finance Ministry in 'Operation XENOFISCAL.' The campaign uses Pashto-language spear-phishing lures to deploy the XenoRAT trojan for espionage. 🇵🇰-aligned group continues focus on South Asia. #APT #SideCopy #...

🌐 cyber[.]netsecops[.]io https://t.co/JC0UG9oHj8

0

1

0

65

Cybersecurity News Everyday

@TweetThreatNews

2 days ago

Seqrite Labs tied Operation XENOFISCAL to SideCopy, using a Pashto-named LNK and multi-stage loader to deploy persistent XenoRAT against Afghanistan's Ministry of Finance and provincial Mustoufiats. #Afghanistan #SideCopy #XenoRAT https://t.co/uJJdhjA66E

0

1

0

1

90

Cyber Team

@Cyberteam008

29 days ago

#Fofa Query for #DeskRAT Infra of #SideCopy #APT Query: header="HTTP/1.1 503 Service Unavailable" && header="Content-Length: 238" && asn="200019" Link: https://t.co/YFa9NbiLip Infra (Including enrichment from VT): As observed earlier, all IP addresses belongs to the same ASN "Alexhost SRL" IP Addresses: --------------------- 85.137.249[.]224:8080 85.137.249[.]243:8080 193.233.244[.]243:8080 45.90.97[.]211:8080 87.120.244[.]90:8080 87.120.244[.]206:8080 45.155.54[.]113:8080 46.253.4[.]33:8080 45.155.54[.]123:8080 45.155.54[.]253:8080 45.155.54[.]22:8080 Domains: --------------------- chuchuchacha[.]shop chuchuchacha[.]xyz chuchuchachawin[.]bond chuchuchachawin[.]sbs echs[.]online forwindowstesting[.]site forwindowstesting[.]space ftp.czwaluk[.]de makiinindia[.]online makiinindia[.]xyz vayusena[.]store vayusena[.]online vdsd.whypay[.]info #APT36 #Malware #ioc

Cyberteam008's tweet photo. #Fofa Query for #DeskRAT Infra of #SideCopy #APT

Query: header="HTTP/1.1 503 Service Unavailable" && header="Content-Length: 238" && asn="200019"

Link: https://t.co/YFa9NbiLip

Infra (Including enrichment from VT): As observed earlier, all IP addresses belongs to the same ASN "Alexhost SRL"

IP Addresses:
---------------------
85.137.249[.]224:8080
85.137.249[.]243:8080
193.233.244[.]243:8080
45.90.97[.]211:8080
87.120.244[.]90:8080
87.120.244[.]206:8080
45.155.54[.]113:8080
46.253.4[.]33:8080
45.155.54[.]123:8080
45.155.54[.]253:8080
45.155.54[.]22:8080

Domains:
---------------------
chuchuchacha[.]shop
chuchuchacha[.]xyz
chuchuchachawin[.]bond
chuchuchachawin[.]sbs
echs[.]online
forwindowstesting[.]site
forwindowstesting[.]space
ftp.czwaluk[.]de
makiinindia[.]online
makiinindia[.]xyz
vayusena[.]store
vayusena[.]online
vdsd.whypay[.]info

#APT36 #Malware #ioc

0

47

14

30

8K

Szabolcs Schmidt

@smica83

about 2 months ago

'c83d1f5f-5396-4fb9-b616-524126c3e1ad zip' seen from India @abuse_ch Looks like #APT36 #SideCopy https://t.co/WuZw17n8Ec

0

8

4

5

983

NSFOCUS @NSFOCUS_Intl

2 months ago

In January 2026, NSFOCUS Security Lab discovered a total of 26 #APT attack activities. The most active APT groups in January were #Lazarus from South Asia, #SideCopy and #TransparentTribe from South Asia, and #Kimsuky from East Asia. https://t.co/yBiVWGZl5f

0

1

0

333

ThreatBook @ThreatBookLabs

3 months ago

Threat Alert: #SideCopy — New Samples Beaconing to Known C2 Hashes: e8e7a86c9e3509bf503fd496489095eb4806ccd615c12219c7a0fad73283eeca 1e36f9bb209002db499b2d4df91d412462a7f1b6d04db0e8a4f95dba19e3ce2a C2: dns[.]wmiprovider[.]com ThreatBook Intelligence: https://t.co/iF95ZypJP1

ThreatBookLabs's tweet photo. Threat Alert:
#SideCopy — New Samples Beaconing to Known C2
Hashes:
e8e7a86c9e3509bf503fd496489095eb4806ccd615c12219c7a0fad73283eeca
1e36f9bb209002db499b2d4df91d412462a7f1b6d04db0e8a4f95dba19e3ce2a

C2: dns[.]wmiprovider[.]com
ThreatBook Intelligence: https://t.co/iF95ZypJP1 https://t.co/0Hxx0nvw3l

1

31

5

16

4K

Sathwik Ram Prakki @PrakkiSathwik

3 months ago

/2 #APT36 #SideCopy #ZIP 0d08936d4ffa15725cef6f7cc0c07dc0 bc267c75bd280bc227fd7e95032f8454 #LNK 627296b1e7522e09697a936e7ac3d5d7 #HTA 808c4bf1a72eeebf8df330a6f81a1aa6 (101.hta) 5067531edd98495c260c63e3092a8a37 (flow.hta) vcache #AresRAT 5963824e0c761be5504706d089143881

0

11

3

2

789

Sathwik Ram Prakki @PrakkiSathwik

3 months ago

#APT36 #SideCopy [1/2] Advisosry Fake Websites Seeking Beneficiary Data1 (1).zip {x2} -> desktop / #LNK Advisosry Fake Websites.desktop e10923fbfebbac23650756e77045533b ashraagrotech[.]com #C2 2.56.10.101:6357 - flow.hta #GetaRAT 2.56.10.121:52145 - vcache #AresRAT @500mk500

PrakkiSathwik's tweet photo. #APT36 #SideCopy [1/2]

Advisosry Fake Websites Seeking Beneficiary Data1 (1).zip {x2} -> desktop / #LNK

Advisosry Fake Websites.desktop
e10923fbfebbac23650756e77045533b

ashraagrotech[.]com

#C2
2.56.10.101:6357 - flow.hta #GetaRAT
2.56.10.121:52145 - vcache #AresRAT

@500mk500 https://t.co/C4HsexijZH

Sathwik Ram Prakki @PrakkiSathwik

5 months ago

#APT36 #SideCopy #Phishing #APT Finding more IOCs from URL & filename patterns: ZIPs at "/assets/***/XXXzip/" HTAs at "/assets/***/XXX/XXX.hta" Correlation graph made on @OsintrackerApp #C2 149.3.170.72:8621 2.56.10.86:8621 2.56.10.121:52145 146.19.173.32:8621 @500mk500

PrakkiSathwik's tweet photo. #APT36 #SideCopy #Phishing #APT

Finding more IOCs from URL & filename patterns:

ZIPs at "/assets/***/XXXzip/"
HTAs at "/assets/***/XXX/XXX.hta"

Correlation graph made on @OsintrackerApp

#C2
149.3.170.72:8621
2.56.10.86:8621
2.56.10.121:52145
146.19.173.32:8621

@500mk500 https://t.co/OLRbTcwyfW

3

248

43

162

27K

1

31

9

5

3K

Sathwik Ram Prakki @PrakkiSathwik

3 months ago

#APT36 #SideCopy #APT #Phishing documentcentre[.]in docsportal[.]in #opendir ISO/ZIP > LNK > HTA #C2 #GetaRAT dns.sysdllt[.]xyz 45.61.157[.22:5863 144.172.89[.29:5941 @500mk500 DoCDWork() Public\User\startT.hta, appT.bat, runT.bat Public\Config\Config.hta, CerT.bat, SigT.bat

$PrakkiSathwik's tweet photo. #APT36 #SideCopy #APT #Phishing documentcentre[.]in docsportal[.]in #opendir ISO/ZIP > LNK > HTA #C2 #GetaRAT dns.sysdllt[.]xyz 45.61.157[.22:5863 144.172.89[.29:5941 @500mk500 DoCDWork() Public\User\startT.hta, appT.bat, runT.bat Public\Config\Config.hta, CerT.bat, SigT.bat https://t.co/Dj7786wO18$

Sathwik Ram Prakki @PrakkiSathwik

3 months ago

#APT36 (ISO-LNK-BAT) triggers HTA-based #ReverseRAT & #GetaRAT, instead of CrimsonRAT [seen early Dec-2025] commskl.iso 7edf05d02d84b160b39e4e778a226959 commskl.docx.lnk 7f735f1605a54a18072f299a14507a5d #C2 AS14956 172.86.122[.]203:5863 dns.sysdllfile[.]site @500mk500

PrakkiSathwik's tweet photo. #APT36 (ISO-LNK-BAT) triggers HTA-based #ReverseRAT & #GetaRAT, instead of CrimsonRAT [seen early Dec-2025]

commskl.iso
7edf05d02d84b160b39e4e778a226959

commskl.docx.lnk
7f735f1605a54a18072f299a14507a5d

#C2 AS14956
172.86.122[.]203:5863
dns.sysdllfile[.]site

@500mk500 https://t.co/93fpuO6IWC

1

31

7

6

7K

1

48

7

28

4K

ReconBee @ReconBee

4 months ago

APT36 and SideCopy Launch Cross-Platform RAT Campaigns Against Indian Entities https://t.co/Oxg4YL9Mri #APT36 #SideCopy #RAT #campaign #remoteaccesstrojan #cyberattack

0

118

omvapt @omvapt

4 months ago

#APT36 and #SideCopy Launch Cross-Platform #RAT Campaigns Against #Indian_Entities https://t.co/LpsPBKY4Mq

0

2

0

147

Jedi Security •|• OSS

@JedisecX

4 months ago

https://t.co/VtWEELjHDW #SideCopy #Apt36 #threatassessment #threatprofile

0

1

0

90

Mr.Rabbit

@01ra66it

4 months ago

APT36（Transparent Tribe）とSideCopyがWindows＋Androidを狙うクロスプラットフォーム攻撃を展開。スピアフィッシングでバックドアとAPK配布、軍・政府関係者が標的。モバイルEDR強化が重要。 #APT36 #SideCopy #CyberEspionage https://t.co/c0HjVJrn3z

0

3

0

2

367

cyntelnext @cyntelnext

4 months ago

APT36 and SideCopy Launch Cross-Platform RAT Campaigns Against Indian Entities - https://t.co/JHxFiPWq4p #campaigns #sidecopy #against

0

42

iT4iNT SERVER Pvt Ltd @it4int

4 months ago

iT4iNT SERVER APT36 and SideCopy Launch Cross-Platform RAT Campaigns Against Indian Entities https://t.co/El9N5p1zsW VDS VPS Cloud #CyberSecurity #Malware #RAT #APT36 #SideCopy

0

23

Technomancer @0xT3chn0m4nc3r

4 months ago

APT36 & SideCopy hit Indian orgs with cross-platform RATs (Geta, Ares, DeskRAT) for data theft & persistence. 🚨 Info here: https://t.co/ZaWIXr31HG #CyberAttack #APT36 #SideCopy #RAT #India

0

66

Top Tweets for #SideCopy

Last Seen Hashtags on Sotwe

Trends for you

Most Popular Users